MetaTrader 5 Android OS Help

Extended Authentication

The trading platform provides an option of extended authorization using SSL certificates, which greatly increases the system security. The extended authentication can be enabled on the server. When it is enabled, the standard authentication is still active. In any case, users need to specify their account details.

The authentication algorithm is standard and highly reliable; it is completely similar to SSL authentication.

Connection between the client and server is established over a custom protocol, while any data transmitted is securely encrypted.

A public key can be freely distributed and used to authenticate the message, which is signed using a secret key. It is guaranteed, that knowing a public key, it is impossible to compute the secret key within a reasonable time. The calculation of a secret key based on a public one, even on powerful modern computers, can take tens or even hundreds of years.

The certificate is not required when connecting using an investor password.

Order of Generating and Receiving a Certificate

When trying to authorize using an account with the extended authorization enabled, you will need to go through standard authorization. After that, the trade server sends a request to the platform to generate two keys: private and public. The public key is sent to the trade server.

Based on the account data, the server generates a certificate and signs it with its private key (the server's private key signature guarantees that the certificate cannot be falsified).

Extended authentication certificate can be obtained via the mobile or desktop version of the platform when opening an account. It can also be generated by a broker and submitted to a trader.

How to Install the Certificate when Opening an Account in the Mobile Platform

Similarly, the certificate is generated on the broker's side. After receiving the account number and password, the trader goes through the primary basic authorization on the mobile device. After that the certificate is generated.

The certificate is only generated if the trader has not generated a certificate for this account (for example, by connecting to the account from a desktop platform).

The certificate file is saved on the device during installation. To protect the certificate, you need to specify the password and confirm it.

The password set to the certificate must contain at least two types of characters (lower case letters, upper case letters, numbers or special characters), and consist of not less than five characters.

After all of the required data are specified, press "Next". The certificate will be generated and saved in protected storage of the device internal memory. Only MetaTrader 5 Android application will have access to the storage.

After connecting using the new account, the installed certificate can be viewed in "Accounts" section. No additional operations with the certificate are required.

How to Install a Certificate When Opening an Account from the Desktop Platform

Add the certificate top the Windows storage – if this option is ticked off, the certificate will be automatically installed to the operating system storage.

The password set to the certificate must contain at least two types of characters (lower case letters, upper case letters, numbers or special characters), and consist of not less than five characters.

After all of the required data are specified, press "Continue". After that the certificate is packed and protected by the specified password. The resulting certificate file *.pfx is stored in /platform_folder/config/certificates, from which it can be transferred later. Names to the certificate files are assigned according to the following rule: Login_ID_Name.pfx, where:

Login – account number;

ID – short name of the company the account was opened in;

Name – name of a client specified when creating the account.

Even having access to the *.pfx file, the certificate cannot be used without the password.

Certificates are generated only during the first account connection or when a certificate is intentionally reset on the server.

In order to use the certificate in the MetaTrader 5 for Android, you should transfer it to the mobile platform.

Certificate transfer

The certificate is transferred securely via a trading server:

The certificate is first encrypted on the desktop platform: the account owner sets the password for certificate encryption using the secure AES-256 algorithm. This password is only known to the user, and it will not be sent to the server.

Next, the encrypted certificate is sent to the trade server where it is stored before receipt via a mobile platform but no more than an hour.

In order to receive the certificate, the user should connect to the account via the mobile platform. After connecting, the user is prompted to import the certificate. To do this, they should enter the password that was used to encrypt the certificate in the desktop platform.

The certificate transfer is secure: the trading server is used solely as an intermediate storage, while encryption is performed at the user's side. The certificate password is not transferred or stored on the trade server.

How to transfer the certificate

Connect to the account via the desktop platform and select "Transfer SSL certificate to mobile device" in its context menu:

Specify the master password of the account to confirm that it belongs to you. Next, set a password to protect the certificate before sending it to the server, or use a random password that is generated automatically. The password should consist of at least 8 digits.

After successfully sending the certificate to the server, open the mobile platform and connect to the account. You will immediately be prompted to import the certificate. Confirm and enter the password that you have set from the desktop platform.

You can view the certificate in About — Certificates.

Another transfer option

If you want to use the certificate in MetaTrader 5 Android, choose one of the following methods to copy it to your device:

connect your device to a PC and copy the file;

send your certificate via e-mail and open the appropriate message on the device;

send a certificate to your device via bluetooth.

Launch MetaTrader 5 Android and move to "Accounts" section. Press to open the list of the already installed certificates. Next, press to search for the certificate files on the device.

Tap on a certificate to install it. Enter certificate password that was specified when obtaining the certificate via the desktop version of the trading platform.

Deleting certificate

If you have installed a wrong certificate, it can be deleted. Press and hold the certificate. The context menu will appear:

Tap "Delete certificate".

Installing a Certificate from the Brokerage Company

Real accounts (not demo ones) can be opened by a brokerage company. The extended authorization mode can also be used for such accounts.

In that case a company submits pfx certificate file together with the rest of the data necessary for authentication. This certificate must be installed on the device according to the instructions received via the desktop version of the trading platform.

Certificate Absence

If the extended authentication mode is used for an account but the appropriate certificate has not been installed, an error message will appear when you try to connect to your account.

Install the appropriate certificate following the instructions above to continue working with your account.

Certificate Export

The previously installed certificate can be exported to a file. This will allow using it on other devices or the desktop version of the trading platform.

Move to "Accounts" section. Long tap on the certificate to open its context menu.

Then tap "Export certificate" and enter the password used to protect the certificate during installation.

Enter the password and press "OK". The certificate will be exported to the external storage of the device. The name of the generated file will be displayed in the new window:

Now, you can copy the certificate from the device by connecting it to PC, via Bluetooth, e-mail, etc.